What is your Standard Shield sensitivity? High, Normal, Customized (how)?
Can you send the samples to virus@avast.com ?
You can zip and password-protect the files… Include a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
The virus is well detected and deleted/quarantined by the on-demand scan (it is also detected by the memory scan if it is loaded at the time I launch the main Avast program),
but the resident doesn’t see it; same problem at all sensitivities, normal / max / custom with all options …
A while ago, through testing, I realized that the main On-Demand scanner has a stronger malware detection than both the Resident Shield and the Quick Scanner. Also, I realized that the Quick Scanner has stronger malware detection than the Resident Shield. Apparently, even with each at its highest setting, the On-Demand scanner can scan more thoroughly than the other two.
The ashQuick.exe is the most aggressive of the scanners; it will scan all files with all unpackers. On-Demand will only scan files depending on your settings (Thorough with Archives being the strongest). Resident, on-access scanners will also scan files depending on settings, but an .exe file should be scanned before execution.
@ Ascadix
You could also check the offending/suspect file at VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest; you will need to move it out.
Please post the results here.
The file might be running/loading something into memory that is being detected, but the AdobeR.exe might not be what is being detected but something it is loading.
I know these 2 on-line scanners, I have used both of them for a long time, and both detect AdobeR.exe with all but 1 or 2 engines.
The Avast engine catches it on both pages under the “Win32:Rjump” name.
Some AV vendors' tech pages said that AdobeR.exe may be dropped by other malware, but what I see is that it has a self-propagation capacity, at least by dropping a copy of itself + a special autorun.inf on removable drives like USB keys/disks and network mapped drives.
When a “filled” USB key is inserted on a clean system, depending on the autorun setting, the worm is “autorun’ed” by Windows and the worm then:
copies itself to the Windows folder
stays in memory (simple process, I haven’t seen any rootkit capacity, it can be killed with taskmgr)
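A defender-side check for the propagation mechanism described in the post above, added here as an example (not part of the original thread): it parses an autorun.inf and lists the entries that would launch an executable or script. The sample file contents and function names are constructed for illustration; the thread does not show the worm's actual autorun.inf.

```python
import re

# [autorun] keys that name a command for Windows to run.
LAUNCH_KEYS = ("open", "shellexecute")
# File types that execute directly when used as the launch target.
EXEC_RE = re.compile(r'\.(exe|com|scr|pif|bat|cmd|vbs|js)(?=$|[\s"])', re.I)


def autorun_launch_targets(text):
    """Return (key, command) pairs from the [autorun] section that launch something."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # tolerate junk lines instead of failing on them
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_verb:
            findings.append((key, value))
    return findings


def suspicious_entries(text):
    """Launch entries whose command points at an executable or script file."""
    return [(k, v) for k, v in autorun_launch_targets(text) if EXEC_RE.search(v)]


# Constructed sample: only the file name AdobeR.exe comes from the thread.
SAMPLE = (
    "; constructed sample\n"
    "[AutoRun]\n"
    "open=AdobeR.exe\n"
    "shell\\open\\Command=AdobeR.exe\n"
    "icon=setup.ico\n"
    "random junk line\n"
    "[Other]\n"
    "open=ignored.exe\n"
)

if __name__ == "__main__":
    for key, command in suspicious_entries(SAMPLE):
        print(f"autorun.inf launches an executable: {key} -> {command}")
```

Run it against the autorun.inf in the root of each removable or mapped drive; a data-only USB key normally has no launch entry at all.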
No software is perfect. You have the right to ask for better detection.
But calling avast not serious is, in my opinion, going too far and being unfair.
Hope the Alwil team could give you priority on detecting this malware.